<?php
require_once("inc.public.php");

$this_title=__($vars["title"])." &raquo; ".__("Retrieve Forgotten Password");
$page_title=__("Account Password Retrieval");

if($_POST["__req"]){
 if(!strlen($post_s["username"]) || !strlen($post_s["email"])){
  $errmsg.=__("Please provide your member ID and email to proceed.")."<br />\n";
 }else{
  if(!$t=@mysql_num_rows($r=mysql_query("select * from $db->users where username='$post_d[username]' and email='$post_d[email]'"))){
   $errmsg.=__("The member ID / email that you have provided does not exist in the database.")."<br />\n";
  }else{
   for($i=0;$i<$t;$i++){
    $users[$i]=mysql_fetch_assoc($r);
    $user_detail.="<p style='font-weight:bold;'>".replace_tag(__("Member ID: <%code%>"), array("<%code%>"=>strval($users[$i]["code"])))."<br />\n".replace_tag(__("Password: <%pass%>"), array("<%pass%>"=>strval($users[$i]["password"])))."<br />\n".replace_tag(__("AuthCode: <%auth%>"), array("<%auth%>"=>strval($users[$i]["ewallet_password"])))."<br />\n</p>\n";
   }
  }
 }

 if(!$errmsg){
  $u_sub=__($vars["title"])." - ".__("Account Password Retrieval");
  $u_msg=
  "<p>".replace_tag(__("Dear <%name%>"), array("<%name%>"=>$users[0]['code'])).__(",")."</p>
  <p>".__("On our record, you have requested to retrieve your forgotten password. Your account(s) detail together with the password is listed below.")."</p>
  <p>$user_detail</p>
  <p>".__("If you do not requested for this password retrieval, you can simply ignore this email since only you will receive this email. For more information, please contact us.")."</p>";
  $email_return = email_user($users[0]["email"], $users[0]["username"], $u_sub, $u_msg);
  if($email_return<>""){
   $errmsg.=__("We have some error processing your request and we cannot continue.")." ".__("You can try again. If the problem persists, please contact us.").$email_return."<br />\n";
  }else{
   if($users[0]['email']==$post_s['email']){
    $dis_email=$users[0]['email'];
   }else{
    $i=strlen($before_a=preg_replace('/@.+$/', '', $users[0]['email']));
    $after_a=substr($users[0]['email'], $i);
    if($i>5){
     $before_a=substr($before_a, 0, strlen($before_a)-5)."xxxxx";
    }else{
     for($j=0;$j<$i;$j++){
      $new_ba.="x";
     }
     $before_a=$new_ba;
    }
    $dis_email=$before_a.$after_a;
   }
   $msg="<table width='100%' height='169'  border='0' align='left' class='grey_bg'><tr><td align='center'>".replace_tag(__("Your request to retrieve your account password has been successful and an email including your account details has been sent to your email address of <%email%>."), array("<%email%>"=>$dis_email))."<br />\n</td></tr></table>";
   print format_public_page(format_msg($msg), $this_title, $this_title);
   exit();
  }
 }

 $errmsg=$errmsg? format_err($errmsg) : "";
}

$forgot_pass=($msg || $errmsg? $errmsg.$msg : "")."<link href='/images/ironmenfx/css/mystyle.css' rel='stylesheet' type='text/css' />
<section class='main'>
<form class='form-4' name='forgot_pass' method='post' action='$this_file'>
<input type='hidden' name='__req' value='1' />

            <h1>".__("Forgot Password")."</h1>
            <p>
                <label for='login'>".__('Username')."</label>
                <input name='username' id='log_username' type='text' class='grey_bg' size='40' placeholder='Username' />
            </p>
            <p>
                <label for='password'>".__('Email')."</label>
                <input name='email' id='log_email' type='text' class='grey_bg' size='40' placeholder='Email' />
            </p>
            <p>
                <input name='Submit' type='button' onclick='this.disabled=true; this.form.submit();' value='".__('Retrieve Password')."'>
                <input type='button' onclick=\"parent.location='index.php'\" value='".__('Back to Login')."'>
            </p>
</form></section>";

$content=$forgot_pass;

print format_public_page($content, $this_title, $this_title);
?>